Critical (10.0) Actively Exploited

Quest KACE SMA authentication bypass exploited in the wild (CVE-2025-32975)

CVE-2025-32975

CVE-2025-32975 lets an unauthenticated attacker take full administrative control of Quest KACE SMA 13.0.x through 14.1.x. It is being exploited in the wild; update to a patched build now.

Affected: Quest KACE Systems Management Appliance (SMA)

Actively exploited in the wild: CVE-2025-32975 is a critical authentication bypass in the SSO handling of Quest KACE SMA versions 13.0.x through 14.1.x. An unauthenticated attacker can impersonate any user, including administrators, and from there steal data, deploy malware, and reach every endpoint the appliance manages. Apply patches immediately: 13.0.385, 13.1.81, 13.2.183, 14.0.341 (Patch 5), or 14.1.101 (Patch 4).

Overview

A critical authentication bypass in the Quest KACE Systems Management Appliance (SMA) is confirmed to be under active exploitation. Tracked as CVE-2025-32975, the flaw lets an attacker with no valid credentials impersonate legitimate users, including administrators. The weakness is in the appliance’s Single Sign-On (SSO) authentication handling.

Affected Versions

The vulnerability impacts multiple versions of the Quest KACE SMA. You are affected if you are running:

  • Version 13.0.x before 13.0.385
  • Version 13.1.x before 13.1.81
  • Version 13.2.x before 13.2.183
  • Version 14.0.x before 14.0.341 (Patch 5)
  • Version 14.1.x before 14.1.101 (Patch 4)

Impact and Exploitation

With the maximum CVSS score of 10.0, this vulnerability is about as severe as they come: it is exploitable over the network, requires no prior privileges, and needs no user interaction. Successful exploitation bypasses the login system entirely; the attacker assumes the identity of any user and inherits that user’s permissions. Because the SMA distributes software and scripts to the endpoints it manages, an administrative takeover means data theft, malware deployment through the appliance’s own distribution channel, or disruption of every managed device on the network. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, confirming in-the-wild attacks.

Remediation and Mitigation

The primary and immediate action is to apply the vendor-provided patches. Quest has released fixed versions for all affected branches. Update your appliance to one of the following versions:

  • 13.0.385
  • 13.1.81
  • 13.2.183
  • 14.0.341 (Patch 5)
  • 14.1.101 (Patch 4)
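As an added check that is not part of the original advisory or Quest’s own tooling, the following Python encodes the affected branches and fixed builds listed above and classifies a reported SMA version as vulnerable, patched, or on a branch the advisory does not name. It assumes the appliance reports its version as a dotted string such as 14.0.338 (the "(Patch N)" suffix is a release label and is stripped before comparison); the hostnames and versions in the sample inventory are constructed for illustration.

```python
"""Version triage for CVE-2025-32975 (Quest KACE SMA SSO authentication bypass).

Added example; not Quest's own tooling. The fixed builds below come from
the advisory. Assumption: the appliance reports its version as a dotted
string such as "14.0.338". The advisory's "(Patch N)" suffix is a release
label, not part of the comparable build number, so it is stripped.
"""

from __future__ import annotations

# Lowest fixed build per affected branch: (major, minor) -> (major, minor, build).
FIXED_BUILDS: dict[tuple[int, int], tuple[int, int, int]] = {
    (13, 0): (13, 0, 385),
    (13, 1): (13, 1, 81),
    (13, 2): (13, 2, 183),
    (14, 0): (14, 0, 341),  # 14.0.341 (Patch 5)
    (14, 1): (14, 1, 101),  # 14.1.101 (Patch 4)
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn "14.0.341" or "14.0.341 (Patch 5)" into a tuple of ints.

    Raises ValueError for anything that is not a dotted numeric version,
    so a garbled inventory entry fails loudly instead of being skipped.
    """
    core = text.strip().split()[0] if text.strip() else ""
    parts = core.split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised KACE SMA version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(text: str) -> str:
    """Classify one reported version.

    'vulnerable' - branch is affected and build is below the fixed build
                   (a bare "14.0" with no build number is treated as
                   vulnerable, the conservative reading);
    'patched'    - branch is affected and build is at or above the fix;
    'unlisted'   - branch is not named in the advisory (older than 13.0
                   or newer than 14.1); confirm with the vendor rather
                   than assuming it is safe.
    """
    version = parse_version(text)
    fixed = FIXED_BUILDS.get((version[0], version[1]))
    if fixed is None:
        return "unlisted"
    return "patched" if version >= fixed else "vulnerable"


# Constructed sample inventory: (hostname, version as reported by the appliance).
SAMPLE_INVENTORY = [
    ("kace-prod-01", "14.0.338"),
    ("kace-prod-02", "14.0.341 (Patch 5)"),
    ("kace-lab", "13.2.183"),
    ("kace-dr", "13.1.80"),
    ("kace-legacy", "12.1.169"),
]


def triage(inventory: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Group hosts by status so the vulnerable ones can be patched or isolated first."""
    report: dict[str, list[str]] = {"vulnerable": [], "patched": [], "unlisted": []}
    for host, version in inventory:
        report[assess(version)].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:>10}: {', '.join(hosts) or '-'}")
```

Two deliberate choices: a version with no build number is reported as vulnerable rather than skipped, and a branch the advisory does not list (12.x, or anything newer than 14.1) is reported as unlisted rather than patched, so nothing drops out of the vulnerable list by accident.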

Apply these updates as soon as possible. If patching cannot happen immediately, restrict the SMA’s web interface to trusted management networks and remove any exposure to the internet; because the bypass needs no credentials, limiting who can reach the login endpoint is the only meaningful compensating control. Review appliance logs for unexpected logins, new or modified administrator accounts, and unscheduled deployments or scripts, and treat an appliance that was internet-reachable while unpatched as potentially compromised until those checks come back clean.

Security Insight

This vulnerability underscores the risk posed by flaws in authentication gateways, especially in centralized management systems. A single bypass in a tool like KACE SMA, which holds privileged access to an entire fleet of devices, produces a disproportionate blast radius: one unauthenticated request becomes control of every managed endpoint. It mirrors similar high-severity flaws in other management platforms, where an authentication failure leads almost instantly to network-wide compromise, which is exactly why these systems are prime targets.
